KLC Consulting, Inc
Change MAC Addresses on
URL of this article is http://www.klcconsulting.net/change_mac_w2k.htm
Last Update: 2/4/2003. Original Release: 11/19/2002.
There are a couple of ways to do this. Make sure you read through the steps first. If my explanation does not make sense to you, it’s probably my writing; please send me an email. If you want to follow the steps below, make sure you are technically comfortable before you start. If you are not, you can use KLC's GUI-based MAC Address Modifying Utility, SMAC, to change MAC addresses on Windows 2000 & XP. The following information is provided “AS IS.” If you have any input, please send me an email.
*** Disclaimer: Try these steps at your own risk!!! These steps will work, but they are not supported by Microsoft. *** I will not be responsible for any damages that might occur on your system. *** Please don't try the steps below if you do not agree with this disclaimer!
Before we start: KLC Consulting Security Team has developed a Windows MAC address modifying tool, SMAC. SMAC was developed based on this research article, and it has many functions. SMAC allows Windows 2000 & XP users to change the MAC address regardless of whether manufacturers allow this option or not. URL of SMAC is http://www.klcconsulting.net/smac.
Method 1:
This method depends on the type of Network Interface Card (NIC) you have. If your card does not support cloning the MAC address, you have to use the second method.
1. Go to Start->Settings->Control Panel and double click on Network and Dial-up Connections.
2. Right click on the NIC whose MAC address you want to change and click on Properties.
3. Under the “General” tab, click on the “Configure” button.
4. Click on the “Advanced” tab.
5. Under the “Property” section, you should see an item called “Network Address” or "Locally Administered Address". Click on it.
6. On the right side, under “Value”, type in the new MAC address you want to assign to your NIC. Usually this value is entered without the “-” between the MAC address numbers.
7. Go to the command prompt and type “ipconfig /all” or “net config rdr” to verify the change. If the change has not taken effect, use the second method.
8. If successful, reboot your Windows 2000 system.
Method 2:
This method requires some knowledge of Windows 2000 and the Windows Registry. If you are not familiar with the Windows Registry, consult a technical person before you attempt the following steps. Also, make sure you have a good backup of your registry.
a. Go to the command prompt and type “ipconfig /all”, and
I. Record the Description for the NIC you want to change.
II. Record the Physical Address for the NIC you want to change. The Physical Address is the MAC address.

figure 1.
b. Go to the command prompt and type “net config rdr”, and you should see something like

figure 2.
c. Note the long number (GUID) inside the { }. For example, in the above “net config rdr” output, for MAC address “00C095ECB793,” you should note {1C9324AD-ADB7-4920-B02D-AB281838637A}. Copying and pasting it into Notepad is probably the easiest way. (See figure 2.)
d. Go to Start -> Run, type “regedt32” to start registry editor. Do not use “Regedit.”
e. Do a BACKUP of your registry in case you screw up the following steps. To do this:
I. Click on the “HKEY_LOCAL_MACHINE on Local Machine” sub-window.
II. Click on the root key “HKEY_LOCAL_MACHINE”.
III. Click on the drop-down menu “Registry -> Save Subtree As” and save the registry backup into a file. Keep this file in a safe place.
f. Go to “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}”. Double click on it to expand the tree. The subkeys are

Figure 3.
g. Go through each subkey, starting with 0000. Click on 0000 and check the DriverDesc keyword on the right to see if that's the NIC whose MAC address you want to change. The DriverDesc should match the Description you recorded in step (a.-I.). If you are not 100% sure about the DriverDesc, you can verify by checking whether the NetCfgInstanceID keyword value matches the GUID from step (c). If there is no match, move on to 0001, 0002, 0003, and so on, until you find the one you want. Usually 0000 contains the first NIC you installed on the computer. In this demonstration, 0000 is the NIC I selected. (See figure 3.)
h. Once you have selected the subkey (i.e. 0000), check whether a keyword "NetworkAddress" exists on the right side of the window. (See figure 3.)
I. If the "NetworkAddress" keyword does not exist, then create this new keyword:
i. Click on the drop-down menu “Edit -> Add Value”.
ii. In the Add Value window, enter the following values, then click OK. (See figure 4.)
Value Name: NetworkAddress
Data Type: REG_SZ

Figure 4.
iii. The String Editor window will pop up at this time. (See figure 5.)
iv. Enter the new MAC address you want to use. Then click OK. (There should not be any "-" in this address. Your entry should only consist of 12 digits as seen in figure 5.)
II. If the "NetworkAddress" keyword exists, make sure the keyword type is REG_SZ; it should show as NetworkAddress:REG_SZ: . This keyword might not have a value at this time.
i. Double click on the keyword NetworkAddress and the String Editor window will pop up. (See figure 5.)
ii. Enter the new MAC address you want to use. Then click OK. (There should not be any "-" in this address. Your entry should only consist of 12 digits as seen in figure 5.)

Figure 5.
j. There are 2 ways to make the new MAC address active. Method I does not require a system reboot:
I. Go to Start->Settings->Control Panel, and double click on "Network Neighborhood".
WARNING: Make sure you understand that you WILL lose the network connection after completing step "ii." below, and if you have a DHCP client, you will get a new IP address after completing step "iii."
i. Select the Network Adaptor whose MAC address you just changed.
ii. Right click on the selected Network Adaptor and click "Disable." Verify that the status column for this adaptor changes to "Disabled".
iii. Right click on the selected Network Adaptor and click "Enable." Verify that the status column for this adaptor changes to "Enabled".
iv. If for any reason it cannot be disabled or re-enabled, you have to reboot your system to make the changes effective.
II. Reboot your Windows 2000 system.
k. After completing step j (if rebooting the system, wait until the reboot is completed), go to the command prompt and type “ipconfig /all” to confirm the new MAC address.
Restore The TRUE Hardware burned-in MAC Address:
Remove the entry you added:
If you followed Method 1, then go back to the advanced properties window and remove the entry you added.
If you followed Method 2, then remove the "NetworkAddress" keyword you added in the registry.
Use step (j) above to activate the change you made.
Once rebooted, go to the command prompt and type “ipconfig /all” to confirm the original MAC address.
If the MAC Address change does not work:
If for whatever reason the MAC address cannot be changed using Method 2, make sure you restore the registry setting by following the "Restore The TRUE Hardware burned-in MAC Address" instructions above. If necessary, restore the registry you just backed up to get your system back to its original state. You can do this by clicking on the drop-down menu “Registry->Restore” and restoring your backup registry file.
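The NetworkAddress value that Method 2 creates, and that the restore steps remove, can be audited from a "reg export" text dump of the class key in step (f). The following Python is an added example, not part of the original article or of SMAC: the export text, adapter names and MAC values are constructed, and the locally-administered-bit check goes beyond what the article covers.

```python
import re

# Network adapter class key from step (f); each adapter is a 4-digit subkey.
CLASS_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class"
             r"\{4D36E972-E325-11CE-BFC1-08002BE10318}")

# Constructed sample in "reg export" text form; <CLASS> stands in for CLASS_KEY.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[<CLASS>\0000]
"DriverDesc"="Constructed Adapter A"
"NetworkAddress"="021122334455"
[<CLASS>\0001]
"DriverDesc"="Constructed Adapter B"
[<CLASS>\0002]
"DriverDesc"="Constructed Adapter C"
"NetworkAddress"="00-11-22-33-44-55"
[<CLASS>\0003]
"DriverDesc"="Constructed Adapter D"
"NetworkAddress"="00aabbccddee"
'''.replace("<CLASS>", CLASS_KEY)

def audit_overrides(text):
    """Return one finding per adapter subkey that has a NetworkAddress override."""
    adapters, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            parent, _, leaf = line[1:-1].rpartition("\\")
            is_nic = parent.upper() == CLASS_KEY.upper() and re.fullmatch(r"\d{4}", leaf)
            current = adapters.setdefault(leaf, {}) if is_nic else None
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"="(.*)"', line)  # REG_SZ values only
            if m:
                current[m.group(1).lower()] = m.group(2)
    findings = []
    for subkey, values in sorted(adapters.items()):
        mac = values.get("networkaddress", "")
        if not mac:
            continue  # value absent or empty: no override is configured
        valid = re.fullmatch(r"[0-9A-Fa-f]{12}", mac) is not None
        findings.append({
            "subkey": subkey,
            "driver": values.get("driverdesc", ""),
            "mac": mac.upper(),
            "valid": valid,  # 12 hex digits, no "-" separators
            # Bit 1 of first octet = locally administered; unset imitates a vendor MAC.
            "locally_administered": bool(int(mac[:2], 16) & 2) if valid else None,
        })
    return findings
```

An empty result after following the restore steps means no adapter in the export still carries an override.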
MAC Address Modifying Utility:
KLC Consulting Security Team has developed SMAC, a Windows MAC Address Modifying Utility for Windows 2000 & XP that works regardless of whether manufacturers allow this option or not. URL of SMAC is http://www.klcconsulting.net/smac.
Copyright © 2002-2003 KLC Consulting, Inc. All rights reserved.